Included comments by Jason Resch for minor security improvements

2012-10-16 09:50:35 -05:00 · 2012-10-16 09:50:35 -05:00 · 270d1bf303
parent 28d8808d33
commit 270d1bf303
2 changed files with 26 additions and 23 deletions
--- a/srp.c
+++ b/srp.c
@ -411,15 +411,13 @@ static void init_random()
    if (g_initialized)
        return;
    
-    g_initialized = 1;
-    
 #ifdef WIN32
    HCRYPTPROV wctx;
 #else
    FILE   *fp   = 0;
 #endif
    
-    unsigned char buff[32];
+    unsigned char buff[64];

    
 #ifdef WIN32
@ -429,6 +427,8 @@ static void init_random()
        CryptGenRandom(wctx, sizeof(buff), (BYTE*) buff);
        
        CryptReleaseContext(wctx, 0);
+
+        g_initialized = 1;
        
 #else
        fp = fopen("/dev/urandom", "r");
@ -437,16 +437,12 @@ static void init_random()
        {
            fread(buff, sizeof(buff), 1, fp);
            fclose(fp);
-            
-        }
-        else
-        {
-            /* Dirty... but better than nothing. */
-            gettimeofday( (struct timeval *)buff, 0);
+            g_initialized = 1;
        }
 #endif
-    
-    RAND_seed( buff, sizeof(buff) );
+
+    if (g_initialized)
+       RAND_seed( buff, sizeof(buff) );
 }


@ -635,6 +631,7 @@ void srp_verifier_delete( struct SRPVerifier * ver )
      delete_ng( ver->ng );
      free( (char *) ver->username );
      free( (unsigned char *) ver->bytes_B );
+      memset(ver, 0, sizeof(*ver));
      free( ver );
   }
 }
@ -726,7 +723,10 @@ struct SRPUser * srp_user_new( SRP_HashAlgorithm alg, SRP_NGType ng_type, const
       if (usr->username)
          free((void*)usr->username);
       if (usr->password)
+       {
+          memset((void*)usr->password, 0, usr->password_len);
          free((void*)usr->password);
+       }
       free(usr);
    }
    
@ -744,13 +744,16 @@ void srp_user_delete( struct SRPUser * usr )
      BN_free( usr->S );
      
      delete_ng( usr->ng );
+
+      memset((void*)usr->password, 0, usr->password_len);
      
      free((char *)usr->username);
      free((char *)usr->password);
      
      if (usr->bytes_A) 
         free( (char *)usr->bytes_A );
-      
+
+      memset(usr, 0, sizeof(*usr));
      free( usr );
   }
 }
--- a/srp.h
+++ b/srp.h
@ -84,21 +84,21 @@ typedef enum
 * using cryptographically sound random data on Windows & Linux. If this is
 * undesirable behavior or the host OS does not provide a /dev/urandom file, 
 * this function may be called to seed the random number generator with 
- * alternate data. 
+ * alternate data.
+ *
+ * The random data should include at least as many bits of entropy as the
+ * largest hash function used by the application. So, for example, if a
+ * 512-bit hash function is used, the random data requies at least 512
+ * bits of entropy.
 * 
 * Passing a null pointer to this function will cause this library to skip
- * seeding the random number generator.
+ * seeding the random number generator. This is only legitimate if it is
+ * absolutely known that the OpenSSL random number generator has already
+ * been sufficiently seeded within the running application.
 * 
 * Notes: 
- *    * This function is optional on Windows & Linux.
- * 
- *    * This function is mandatory on all other platforms. Although it
- *      will appear to work on other platforms, this library uses the current
- *      time of day to seed the random number generator. This is well known to
- *      be insecure. 
- * 
- *    * When using this function, ensure the provided random data is
- *      cryptographically strong.
+ *    * This function is optional on Windows & Linux and mandatory on all
+ *      other platforms.
 */
 void srp_random_seed( const unsigned char * random_data, int data_length );